diff --git a/eden/mononoke/Cargo.toml b/eden/mononoke/Cargo.toml
index 2b45c9408b811..133aef8809a24 100644
--- a/eden/mononoke/Cargo.toml
+++ b/eden/mononoke/Cargo.toml
@@ -1,6 +1,7 @@
 [workspace]
 
 members = [
+    ".",
     "backsyncer",
     "benchmark",
     "blobimport_lib",
@@ -47,6 +48,7 @@ members = [
     "changesets/if",
     "cmdlib",
     "cmdlib/x_repo",
+    "cmds/blobrepo_checker",
     "commit_rewriting/bookmark_renaming",
     "commit_rewriting/cross_repo_sync",
     "commit_rewriting/cross_repo_sync/test_utils",
@@ -83,6 +85,8 @@ members = [
     "git/git_types",
     "git/git_types/if",
     "git/gitimport",
+    "gotham_ext",
+    "hgcli",
     "hgproto",
     "hook_tailer",
     "hooks",
diff --git a/eden/mononoke/cmds/blobrepo_checker/Cargo.toml b/eden/mononoke/cmds/blobrepo_checker/Cargo.toml
new file mode 100644
index 0000000000000..1393010f57529
--- /dev/null
+++ b/eden/mononoke/cmds/blobrepo_checker/Cargo.toml
@@ -0,0 +1,24 @@
+[package]
+name = "blobrepo_checker"
+edition = "2018"
+version = "0.1.0"
+authors = ['Facebook']
+license = "GPLv2+"
+include = ["src/**/*.rs"]
+
+[dependencies]
+blobrepo = { path = "../../blobrepo" }
+blobstore = { path = "../../blobstore" }
+bookmarks = { path = "../../bookmarks" }
+cmdlib = { path = "../../cmdlib" }
+context = { path = "../../server/context" }
+filestore = { path = "../../filestore" }
+mercurial_types = { path = "../../mercurial/types" }
+mononoke_types = { path = "../../mononoke_types" }
+cloned = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
+fbinit = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
+futures_ext = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
+anyhow = "1.0"
+futures = "0.1"
+thiserror = "1.0"
+tokio = "0.1"
diff --git a/eden/mononoke/cmds/bonsai_verify/main.rs b/eden/mononoke/cmds/bonsai_verify/main.rs
index efe74ad40847b..4984735ecfa4e 100644
--- a/eden/mononoke/cmds/bonsai_verify/main.rs
+++ b/eden/mononoke/cmds/bonsai_verify/main.rs
@@ -249,7 +249,7 @@ fn subcommand_round_trip(
         .discard()
     };
 
-    tokio::run(verify_fut);
+    tokio_old::run(verify_fut);
 
     let end_points: Vec<_> = end_receiver.into_iter().collect();
     process::exit(summarize(
diff --git a/eden/mononoke/gotham_ext/Cargo.toml b/eden/mononoke/gotham_ext/Cargo.toml
new file mode 100644
index 0000000000000..3dfb1390dcb47
--- /dev/null
+++ b/eden/mononoke/gotham_ext/Cargo.toml
@@ -0,0 +1,32 @@
+[package]
+name = "gotham_ext"
+edition = "2018"
+version = "0.1.0"
+authors = ['Facebook']
+license = "GPLv2+"
+include = ["src/**/*.rs"]
+
+[dependencies]
+permission_checker = { path = "../permission_checker" }
+anyhow = "1.0"
+async-trait = "0.1.29"
+bytes = { version = "0.5", features = ["serde"] }
+failure = "0.1"
+futures = { version = "0.3", features = ["async-await", "compat"] }
+gotham = { version = "=0.5.0-dev", default-features = false }
+gotham_derive = "=0.5.0-dev"
+hex = "0.4"
+http = "0.2"
+hyper = "0.13"
+itertools = "0.8"
+lazy_static = "1.0"
+mime = "0.3.14"
+openssl = "0.10"
+percent-encoding = "2.1"
+serde = { version = "1.0", features = ["derive", "rc"] }
+serde_derive = "1.0"
+serde_json = "1.0"
+
+[dev-dependencies]
+async_unit = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
+tokio = { version = "=0.2.13", features = ["full"] }
diff --git a/eden/mononoke/gotham_ext/src/middleware/client_identity.rs b/eden/mononoke/gotham_ext/src/middleware/client_identity.rs
index c161d1d1edeea..dc0aa8c48bcbf 100644
--- a/eden/mononoke/gotham_ext/src/middleware/client_identity.rs
+++ b/eden/mononoke/gotham_ext/src/middleware/client_identity.rs
@@ -9,7 +9,6 @@ use gotham::state::{client_addr, FromState, State};
 use gotham_derive::StateData;
 use hyper::header::HeaderMap;
 use hyper::{Body, Response};
-use identity_ext::json::get_identities;
 use lazy_static::lazy_static;
 use percent_encoding::percent_decode;
 use permission_checker::{MononokeIdentity, MononokeIdentitySet};
@@ -97,12 +96,7 @@ fn request_identities_from_headers(headers: &HeaderMap) -> Option<MononokeIdenti
     let json_identities = percent_decode(encoded_identities.as_bytes())
         .decode_utf8()
         .ok()?;
-    let identities = get_identities(&json_identities)
-        .ok()?
-        .into_iter()
-        .filter_map(|id| MononokeIdentity::try_from_identity(&id).ok())
-        .collect();
-    Some(identities)
+    MononokeIdentity::try_from_json_encoded(&json_identities).ok()
 }
 
 fn request_client_correlator_from_headers(headers: &HeaderMap) -> Option<String> {
diff --git a/eden/mononoke/gotham_ext/src/socket_data.rs b/eden/mononoke/gotham_ext/src/socket_data.rs
index 1da1ffc923c0d..c9d76e966d82d 100644
--- a/eden/mononoke/gotham_ext/src/socket_data.rs
+++ b/eden/mononoke/gotham_ext/src/socket_data.rs
@@ -85,11 +85,8 @@ pub struct TlsCertificateIdentities {
 impl TlsCertificateIdentities {
     pub fn from_ssl(ssl: &SslRef) -> Option<Self> {
         let peer_certificate = ssl.peer_certificate()?;
-        let identities = identity_ext::x509::get_identities(&peer_certificate)
-            .ok()?
-            .into_iter()
-            .filter_map(|id| MononokeIdentity::try_from_identity(&id).ok())
-            .collect();
-        Some(Self { identities })
+        Some(Self {
+            identities: MononokeIdentity::try_from_x509(&peer_certificate).ok()?,
+        })
     }
 }
diff --git a/eden/mononoke/hgcli/Cargo.toml b/eden/mononoke/hgcli/Cargo.toml
new file mode 100644
index 0000000000000..535fc9f3de23f
--- /dev/null
+++ b/eden/mononoke/hgcli/Cargo.toml
@@ -0,0 +1,33 @@
+[package]
+name = "hgcli"
+edition = "2018"
+version = "0.1.0"
+authors = ['Facebook']
+license = "GPLv2+"
+include = ["src/**/*.rs"]
+
+[dependencies]
+context = { path = "../server/context" }
+scuba_ext = { path = "../common/scuba_ext" }
+sshrelay = { path = "../sshrelay" }
+failure_ext = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
+fbinit = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
+futures_ext = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
+futures_stats = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
+hostname = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
+secure_utils = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
+anyhow = "1.0"
+bytes = { version = "0.4", features = ["serde"] }
+clap = "2.33"
+dns-lookup = "1.0"
+futures = { version = "0.3", features = ["async-await", "compat"] }
+futures-old = { package = "futures", version = "0.1" }
+libc = "0.2"
+openssl = "0.10"
+slog = { version = "2.5", features = ["max_level_debug"] }
+slog-term = "2.4.2"
+tokio = "0.1"
+tokio-compat = "0.1"
+tokio-io = "0.1"
+tokio-openssl = "0.2"
+users = "0.9"
diff --git a/eden/mononoke/permission_checker/Cargo.toml b/eden/mononoke/permission_checker/Cargo.toml
index 29bc1d693455c..023a4859a7671 100644
--- a/eden/mononoke/permission_checker/Cargo.toml
+++ b/eden/mononoke/permission_checker/Cargo.toml
@@ -11,4 +11,5 @@ fbinit = { git = "https://github.com/facebookexperimental/rust-shed.git", branch
 anyhow = "1.0"
 async-trait = "0.1.29"
 maplit = "1.0"
+openssl = "0.10"
 tokio = { version = "=0.2.13", features = ["full"] }
diff --git a/eden/mononoke/permission_checker/src/oss.rs b/eden/mononoke/permission_checker/src/oss.rs
index 853fb31d2c10d..71e97d2cb427d 100644
--- a/eden/mononoke/permission_checker/src/oss.rs
+++ b/eden/mononoke/permission_checker/src/oss.rs
@@ -5,8 +5,9 @@
  * GNU General Public License version 2.
  */
 
-use anyhow::Result;
+use anyhow::{bail, Result};
 use fbinit::FacebookInit;
+use openssl::x509::X509;
 
 use crate::checker::{BoxPermissionChecker, PermissionCheckerBuilder};
 use crate::identity::{MononokeIdentity, MononokeIdentitySet};
@@ -16,6 +17,14 @@ impl MononokeIdentity {
     pub fn reviewer_identities(_username: &str) -> MononokeIdentitySet {
         MononokeIdentitySet::new()
     }
+
+    pub fn try_from_json_encoded(_: &str) -> Result<MononokeIdentitySet> {
+        bail!("Decoding from JSON is not yet implemented for MononokeIdentity")
+    }
+
+    pub fn try_from_x509(_: &X509) -> Result<MononokeIdentitySet> {
+        bail!("Decoding from x509 is not yet implemented for MononokeIdentity")
+    }
 }
 
 impl PermissionCheckerBuilder {
diff --git a/eden/mononoke/server/repo_listener/src/connection_acceptor.rs b/eden/mononoke/server/repo_listener/src/connection_acceptor.rs
index 89f7f0f72a7e9..29416d11629c1 100644
--- a/eden/mononoke/server/repo_listener/src/connection_acceptor.rs
+++ b/eden/mononoke/server/repo_listener/src/connection_acceptor.rs
@@ -173,24 +173,7 @@ fn accept(
             cloned!(root_log);
             move |sock| {
                 let identities = match sock.get_ref().ssl().peer_certificate() {
-                    Some(cert) => {
-                        #[cfg(fbcode_build)]
-                        {
-                            ::identity_ext::x509::get_identities(&cert).and_then(
-                                |identities| -> Result<MononokeIdentitySet> {
-                                    identities
-                                        .into_iter()
-                                        .map(|id| MononokeIdentity::try_from_identity(&id))
-                                        .collect()
-                                },
-                            )
-                        }
-                        #[cfg(not(fbcode_build))]
-                        {
-                            let _ = cert;
-                            Ok(MononokeIdentitySet::new())
-                        }
-                    }
+                    Some(cert) => MononokeIdentity::try_from_x509(&cert),
                     None => Err(ErrorKind::ConnectionNoClientCertificate.into()),
                 };